General

  • Target

    74fdf3602d7c2e8c1df4265f4d309b96

  • Size

    3.5MB

  • Sample

    240125-t6y33abfgk

  • MD5

    74fdf3602d7c2e8c1df4265f4d309b96

  • SHA1

    4bf6733e497354532e93e0bb933db5e10864f895

  • SHA256

    2134b2388686731bcafb15c3f575323fdb4a74795e284241da5915f1ffd01950

  • SHA512

    bd139fa8a7a283335555c8c30fcd40c4f12e82a023485adbd602c25398dd5cbd0d29661bfbd81b788d5174bf29eb574c377549463c05238a5cee6a1af8831a21

  • SSDEEP

    98304:9w1scAhH6+fHpDx4N3PUkeT/Gx0rvQ7h8bW1xmwX9:+1scDYHpDxG3PUz/G4Q7h91B

Targets

    • Kinsing

      Kinsing is a loader written in Golang.

    • Checks for common network interception software

      Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
